The judge hearing the CDA-II (Child Online Protection Act)
challenge has ruled that the law is unconstitutional
[1]. No word yet
on whether the government will appeal. (Remember, this is a law
that Janet Reno's Justice Department advised they could not
enforce.) The judge said

Perhaps we do the minors of this country harm if First
Amendment protections, which they will with age inherit
fully, are chipped away in the name of their protection.

Network Solutions, Inc. has recently been falling behind with
registration requests. They say
[2] that domain-name squatters have
been bombarding NSI with bogus requests, crashing their servers and
delaying processing of ordinary business. This activity has been
going on for some time, but in January it reached a level double
that of legitimate registrations. Wired's coverage is here
[3].
This is not a story about speculators or domain-name homesteaders
who put down their money on a bet about the Net's direction. The
squatters pay nothing, financing their bets with everyone else's
money; a subset of them, the squammers, additionally throw sand
in the gears for the rest of us.

Mailing-list discussion -- see this thread on NANOG
[4] for
example -- has fleshed out the picture of the squammers. A squatter
reserves a domain name, perhaps giving a bogus email address and/or
physical address, and ignores the bill when/if it comes. After 30
days NSI suspends the name. When another 30 days have passed and no
payment has arrived NSI releases the name. The original squatter now
showers the registrar with many (probably automated) requests to
re-register that name. Thus the name remains tied up and the
squammer never pays a cent. If a buyer wants the name, they end up
paying the original NSI bill as well as whatever usurious ransom the
squammer has been able to negotiate.

Posters on NANOG are playing the story as yet another example of
NSI's incompetence
[4],
and certainly this interpretation is
supportable. One measure NSI has taken to slow the squammers was to
drop (without announcement) the "initial creation date" and
"current status" fields from the information it publicly reports about
name ownership and status. This will have little impact on
squammers -- surely they know when they registered a name -- but will
break ISPs' existing procedures and software and inconvenience all
legitimate users of the name database. NSI's ill-advised policies
are partly to blame for creating a something-for-nothing
opportunity for squammers in the first place. The miscreants would
vanish into the night if NSI made
registrants supply two valid DNS servers before reserving a name, and
particularly if they required a valid credit-card number up front.

News.com plays one domain-name squatter's story
[5]
as a tale of a
little guy against the megacorp. Their reporter appears to have been
completely bamboozled by Jerry Sumpton
[6] of Freeview Listings,
who lost his bid to extort $13,000 from Avery-Denison Inc. for the names
avery.net and dennison.net.

Ian Andrew Bell shoots straighter
[7].
He points out that Sumpton
holds as many as 30,000 domain names: many proper names and many
words from the dictionary, largely in the .net domain. Sumpton's
business plan of record -- renting mailboxes at $4.95 per month on,
e.g., smith.net -- makes no sense if he has to pay over $1M per year
for the names. It makes sense only if he never pays for a name until
someone signs up for a mailbox on it, or better yet bids to buy it
from him. (Note: no evidence suggests that Sumpton is one of the
squammers; NSI has not made public any results from its attempts to
trace these malfeasors.)

His price is not $4.95 a month but $4.95 a year... he
also charges a $20 startup fee; and my guess is that pretty much
everyone will buy five years at once, as I did. That's $45.
He actually owns about 12,000 domain names according to domainwatch
[8a].
So if his burn rate is $420,000 / yr., he has to find 10,000 people
each year to buy $45 email accounts. Can he get 300 signups a day?

Sounds to me like he would need closer to 1,000 such signups a day, if
he wants to pay for anything more than domain names (such as the rent).
And he gets no more revenue from those customers for 5 years.

The handy Domain Surfer site
[8] offers the fastest way I've found
to explore the domain namespace and winkle out homesteaders,
speculators, and squatters.

Proponents of non-Microsoft operating systems have declared 15
February Windows Refund Day
[9] to encourage PC buyers to get cash back
for the Windows software they have never used. Microsoft's end-user
license agreement gives purchasers the right to obtain a refund
from their PC vendor if they've installed an alternative OS such as
Linux or IBM's OS/2 without having used Windows. The effort was
inspired by Geoffrey Bennett's tale
[10] of pursuing a refund from
Toshiba over 4 months, eventually with success. The Windows Refund
Center
[11] features links to other such stories, some without a
happy ending after two years. On 15 February Linux users in
California plan to show up on the doorstep of their local Microsoft
office for their refunds.

Estee Lauder has filed suit against Excite for selling its
trademarked terms Estee Lauder and Origins to the Fragrance Counter,
a competitor
[12]. Search engines commonly sell keywords to whoever
is willing to pay, displaying the buyer's ad banners whenever a
visitor searches on one of the keywords. So far no law or court
precedent restricts the search companies from selling whatever they
please. The Lauder action is being publicized by BannerStake
[13],
which offers a keyword of your choice to 12 search engines and
displays the banners that they display, if any. I tried the keyword
"Linux" and found that Excite appears to have sold it to Microsoft.
Probably last Halloween
[14].

The journal Nature carries an article
[15] on Net tomography. The
authors have developed skitter, a "tomography scanning tool" that
dynamically discovers and depicts global Internet topology and
measures the performance of specific paths through the Internet. Skitter
uses ping ICMP packets to develop a diagram of Net connectivity at
a point in time. Here is a sample interconnectivity diagram
[16]
(194K).

Another view of the state of Net health is provided by the Internet
Traffic Report[17], which also uses ping to derive indices of
worldwide round-trip times and packet loss. Thanks to Tom Parmenter
<tompar at world dot std dot com> for pointing out this service.

Following Sun's lead
[18], IBM Software Solutions has become a
sponsoring corporate member of Linux International. Besides these two
the roster
[19] now includes Silicon Graphics and Compaq. Missing for
the moment is HP, though that company has recently announced that it
will sell Linux on its NetServer systems and has struck an alliance
with Linux packager Red Hat
[20]. This article
[21] discusses recent
Linux initiatives by HP and SGI.

You've read about the coming wonderful world of intelligent agents
that will make Web comparison-shopping a breeze, once the nirvana of
universal XML arrives to usher in the day. But even now clever folks
are implementing services to help you compare prices for commodities
on the Net. Consider books. The free service AddALL[22] will search
for any book and compare prices, including shipping, across 34
separate online bookstores, and display the results in price order in
the currency of your choice. The search is a little clunky; I find
it's best find my book first at Amazon or Barnesandnoble and then
price-shop at AddALL. The site needs a going-over by someone with a
strong grasp of English syntax, but so what? It's an extremely useful
labor of love and seems to be under constant improvement.

A few months back Glenn Fleischman got to musing on how URLs might
be used like programs, and the result is isbn.nu[23]. You can get
a price comparison, including shipping charges, for any book by
feeding its International Standard Book Number to this site as if
it were a directory name. For example, entering

compares prices for John Hanson Mitchell's Ceremonial Time: 15,000
Years on One Square Mile across 8 online stores. Leave off the
trailing "/price" and the site takes you to Amazon.com's order page
for the book. Prefer another store? You can append the name of one
of 10 other online bookstores from a list on the site.

Note added 1999-02-06:
A largish number of folks wrote to inform me that I had missed the boat
on the subject of book comparison-shopping sites, and most pointed to
Acses [23a] as their favorite. On
the other hand, a few people wrote saying they had never come across the
concept of WebRings before. Both are indicative of the
fact that the Web, like television before it, has grown to the point where
it harbors entire communities  gamers, chat fans, infosurfers, online
auction addicts  who coexist on the medium without sharing a cultural
experience. Acses is a commercial book-comparison site that requires a good
number of clicks to get to the list that AddALL returns immediately. I
would guess that AddALL was developed in reaction to Acses's commercial nature.

On 27 January pressure on Intel increased again to scrap its plans
to include a consumer-identifying serial number in each Pentium III
[24]. A lawmaker in Arizona has said he will file a bill this week
making it illegal for any company to manufacture or sell a PC chip
in that state that features a unique identifying number in the
hardware
[25]. Intel runs two chip fabs in Arizona and its CEO, Craig
Barrett, has a home there. Such a law could have an unintended
impact on Sun Microsystems, whose Sparc chips have for years included
a serial number to prevent piracy.

Cryptographer Bruce Schneier has a commentary on ZDNet
[26]
explaining in simple terms exactly why Intel's scheme will not work to
enhance consumer security or authentication.

Finally, Dan Kohn passes along a pointer to a FAQ
[27] on the Intel
chip flap, which claims that Intel has not turned off the ID number
in the hardware at all, as it claims. (The multi-part FAQ begins
here
[28].)

In the aftermath of the backdooring of ftp.win.tue.nl
[29], the author
of one of the affected utilities, util-linux, has released an updated
package
[30] to the sunsite and tsx-11 software depots. He writes:

If you get it from ftp.win.tue.nl (very unwise), check the md5sum:
d98b2a08c4865c14b9aefec3586c685a util-linux-2.9h.tar.gz

Contrary to a note I posted at
[29] after the email edition went out,
Hotmail administrators were in fact immediately responsive when
notified about the compromised code at ftp.win.tue.nl that referenced
two Hotmail drop boxes, according to John R Levine <johnl at iecc dot
com>, one of the perpetrators of Internet for Dummies.

TBTF for 1999-01-13
[31] covered buy.com and its "sell a buck for 85
cents and make it up on advertising" business model. Now competitor
Onsale has abandoned retail markups and thrown in its lot with the
tulip traders
[32]. It's a win for consumers in the short term, but
how will Web merchants endure in this atmosphere of purest helium?

This note was sent in by faithful TBTF reader Cheryl Stocks <cstock
at ibm dot net>:

I think we have a new urban legend category.

I read your story "Report of a very Confucian incentive is a
joke" [33]
recently, and got a chuckle from it. Today my
husband said "Did you hear that British Air is going to require
40% of its executives to be in the air at midnight, New Year's
Eve, this year?"

A long-time reader sent this account
[34] of a recent job interview
at the US National Security Agency. My informant was not offered a
job but came away impressed with the professionalism, seriousness,
and collegial atmosphere at the agency. Here's an excerpt on
the agency's training program for new hires.

The first interview is with the mathematician who is head of
the training program, which lasts three years. The program
starts with a quick review of algebra and then launches into
crypto stuff, and it's full-time for months at a time, two
hours of lecture and six hours of study every day, in a big
classroom with forty other newly hired mathematicians, some
just out of college, some PhD's.

Last November GeoCities bought Starseed
[35],
the inventor of the WebRing[36]. A WebRing collects many Web sites on a similar topic
(e.g., fan sites for a particular music group) and stitches them
into a circular structure. From any ring member you can move ahead
or back in the ring or jump to the ring's head. Starseed's
implementation of this novel navigation system is highly structured,
with Ring Members (individual sites), Ring Masters, and a central
Ring Server (Starseed's) to enable navigation. At the time of its
purchase by GeoCities, Starseed had attracted 66,000 "affinity
groups" to join in rings; in all 900,000 Web sites participated.

Now that Yahoo has announced plans to acquire GeoCities
[37]
it will be the lord of the rings.

But don't count out the pretender to the throne: Bomis[38], whose
hands-off technology runs rings around any site without requiring
the intervention, or even the knowledge, of its Webmaster. Bomis's
lightweight approach to ring construction wraps ringed Web sites
within frames; an Escape button allows the visitor to jump out of
the ring context and back to the unframed site at any point.

The Bomis maintainers strut a subversively cheeky attitude. See for
example their FAQ page
[39], and don't miss the infrequently asked
questions
[40]. They don't tell us what,
if anything, "Bomis" means, but they provide a page where you can guess
[41], one chance in
65,340. P.S. -- Bomis rhymes with Thomas.